Kubernetes容器集群部署Etcd(三)

master端操作：

 下载ectd：

https://github.com/coreos/etcd/releases/tag/v3.2.12

在分三台机器分别创建如下目录

mkdir /opt/kubernetes/{bin,cfg,ssl} -p

bin目录存放二进制包
cfg目录存放配置文件
ssl目录存放相关证书

解压etcd并把二进制放到的/opt/kubernetes/bin下

[root@master app]# mv etcd-v3.2.12-linux-amd64/etcd /opt/kubernetes/bin/
[root@master app]# mv etcd-v3.2.12-linux-amd64/etcdctl /opt/kubernetes/bin/

创建etcd

cfg目录下：

[root@master cfg]# cat > etcd <<EOF
#[Member]
ETCD_NAME="etcd01"
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS="https://192.168.1.101:2380"
ETCD_LISTEN_CLIENT_URLS="https://192.168.1.101:2379"

#[Clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS="https://192.168.1.101:2380"
ETCD_ADVERTISE_CLIENT_URLS="https://192.168.1.101:2379"
ETCD_INITIAL_CLUSTER="etcd01=https://192.168.1.101:2380,etcd02=https://192.168.1.102:2380,etcd03=https://192.168.1.101:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
ETCD_INITIAL_CLUSTER_STATE="new"
EOF

使用systemctl启动etcd

[root@master cfg]# vim /usr/lib/systemd/system/etcd.service

[Unit]
Description=Etcd Server
After=network.target
After=network-online.target
Wants=network-online.target

[Service]
Type=notify
EnvironmentFile=-/opt/kubernetes/cfg/etcd
ExecStart=/opt/kubernetes/bin/etcd
--name=${ETCD_NAME}
--data-dir=${ETCD_DATA_DIR}
--listen-peer-urls=${ETCD_LISTEN_PEER_URLS}
--listen-client-urls=${ETCD_LISTEN_CLIENT_URLS},http://127.0.0.1:2379
--advertise-client-urls=${ETCD_ADVERTISE_CLIENT_URLS}
--initial-advertise-peer-urls=${ETCD_INITIAL_ADVERTISE_PEER_URLS}
--initial-cluster=${ETCD_INITIAL_CLUSTER}
--initial-cluster-token=${ETCD_INITIAL_CLUSTER}
--initial-cluster-state=new
--cert-file=/opt/kubernetes/ssl/server.pem
--key-file=/opt/kubernetes/ssl/server-key.pem
--peer-cert-file=/opt/kubernetes/ssl/server.pem
--peer-key-file=/opt/kubernetes/ssl/server-key.pem
--trusted-ca-file=/opt/kubernetes/ssl/ca.pem
--peer-trusted-ca-file=/opt/kubernetes/ssl/ca.pem
Restart=on-failure
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target

复制生成的证书到ssl止录下

[root@master ssl]# cp server*pem ca*em /opt/kubernetes/ssl/

启动etcd

systemctl start etcd
systemctl enable etcd

将master下的cfg bin ssl传到两台node节点

[root@master ~]# scp -r /opt/kubernetes/ssl/ root@192.168.1.102:/opt/kubernetes/
[root@master ~]# scp -r /opt/kubernetes/ssl/ root@192.168.1.103:/opt/kubernetes/
[root@master ~]# scp -r /opt/kubernetes/cfg/ root@192.168.1.103:/opt/kubernetes/
[root@master ~]# scp -r /opt/kubernetes/cfg/ root@192.168.1.102:/opt/kubernetes/
[root@master ~]# scp -r /opt/kubernetes/bin/ root@192.168.1.102:/opt/kubernetes/
[root@master ~]# scp -r /opt/kubernetes/bin/ root@192.168.1.103:/opt/kubernetes/
scp /usr/lib/systemd/system/etcd.service root@192.168.1.102:/usr/lib/systemd/system/
scp /usr/lib/systemd/system/etcd.service root@192.168.1.103:/usr/lib/systemd/system/

分别修改两台node节点etcd配置文件并启动etcd：

#[Member]
ETCD_NAME="etcd02"
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS="https://192.168.1.102:2380"
ETCD_LISTEN_CLIENT_URLS="https://192.168.1.102:2379"

#[Clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS="https://192.168.1.102:2380"
ETCD_ADVERTISE_CLIENT_URLS="https://192.168.1.102:2379"
ETCD_INITIAL_CLUSTER="etcd01=https://192.168.1.101:2380,etcd02=https://192.168.1.102:2380,etcd03=https://192.168.1.103:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
ETCD_INITIAL_CLUSTER_STATE="new"

#[Member]
ETCD_NAME="etcd03"
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS="https://192.168.1.103:2380"
ETCD_LISTEN_CLIENT_URLS="https://192.168.1.103:2379"

#[Clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS="https://192.168.1.103:2380"
ETCD_ADVERTISE_CLIENT_URLS="https://192.168.1.103:2379"
ETCD_INITIAL_CLUSTER="etcd01=https://192.168.1.101:2380,etcd02=https://192.168.1.102:2380,etcd03=https://192.168.1.103:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
ETCD_INITIAL_CLUSTER_STATE="new"

把bin下的etcdctl加入到全局变量中:

[root@master ssl]# tail -1 /etc/profile
PATH=$PATH:/opt/kubernetes/bin

测试集群状态：

[root@master ssl]# etcdctl --ca-file=/opt/kubernetes/ssl/ca.pem --cert-file=/opt/kubernetes/ssl/server.pem --key-file=/opt/kubernetes/ssl/server-key.pem --endpoints="https://192.168.1.101:2379,https://192.168.1.102:2379,https://192.168.1.103:2379" cluster-health
2018-08-07 16:04:56.712309 I | warning: ignoring ServerName for user-provided CA for backwards compatibility is deprecated
2018-08-07 16:04:56.713135 I | warning: ignoring ServerName for user-provided CA for backwards compatibility is deprecated
member aaa5c721ef606e3e is healthy: got healthy result from https://192.168.1.103:2379
member be00be9e45da0e29 is healthy: got healthy result from https://192.168.1.101:2379
member fcac5aab5d8c11fa is healthy: got healthy result from https://192.168.1.102:2379
cluster is healthy